Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/zcMfZF0KRNk3qb5OPaimPG61dWs.roa
File: zcMfZF0KRNk3qb5OPaimPG61dWs.roa (raw, json)
Hash identifier: 5BIQRbeiLQ55XEk2wd8/oB8gXefKKmnZqmiuIbvZufY=
Subject key identifier: CD:C3:1F:64:5D:0A:44:D9:37:A9:BE:4E:3D:A8:A6:3C:6E:B5:75:6B
Certificate issuer: /CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
Certificate serial: 018573588EB20651E2A7B9B249E369F46A37
Authority key identifier: 9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/zcMfZF0KRNk3qb5OPaimPG61dWs.roa
Signing time: Mon 02 Jan 2023 16:37:41 +0000
ROA not before: Mon 02 Jan 2023 16:37:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 34304
IP address blocks: 86.107.58.0/23 maxlen: 23
86.107.57.0/24 maxlen: 24
188.211.164.0/23 maxlen: 23
86.107.63.0/24 maxlen: 24
86.107.60.0/23 maxlen: 23
193.138.192.0/23 maxlen: 23
193.138.194.0/24 maxlen: 24
89.47.0.0/24 maxlen: 24
89.47.14.0/24 maxlen: 24
89.47.12.0/24 maxlen: 24
89.35.224.0/24 maxlen: 24
89.35.229.0/24 maxlen: 24
89.35.232.0/24 maxlen: 24
89.35.236.0/24 maxlen: 24
89.35.234.0/23 maxlen: 23
89.35.238.0/24 maxlen: 24
2a05:8880::/30 maxlen: 30
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:73:58:8e:b2:06:51:e2:a7:b9:b2:49:e3:69:f4:6a:37
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
Validity
Not Before: Jan 2 16:37:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cdc31f645d0a44d937a9be4e3da8a63c6eb5756b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:06:73:c8:c5:b0:a0:4c:fa:9b:16:42:6e:18:
cd:ba:13:4a:5d:5b:ec:01:67:50:0d:96:95:f9:3c:
6e:6d:55:34:6a:bf:0d:1d:c7:25:19:2e:28:45:eb:
b9:02:39:af:ad:1f:4b:db:85:62:c9:77:86:14:3c:
5a:17:03:88:dc:5c:27:73:06:03:87:7e:3b:6c:f9:
eb:83:fe:71:e3:d4:6e:2f:bd:1e:c8:1f:7c:1d:50:
c0:7d:6f:cc:89:16:b9:cb:1a:fc:c0:ba:11:eb:72:
de:5b:e2:70:ad:13:c7:8c:da:a4:df:9a:f8:95:bc:
42:36:ff:59:d6:48:13:2c:3b:fa:c5:1e:0b:0b:d6:
41:6a:e2:f4:05:a1:1c:43:a9:ce:b3:9a:3b:ee:91:
f1:2a:09:22:ed:ef:46:e2:79:a5:dd:63:20:17:67:
bc:90:5e:31:f3:b2:d3:58:00:89:79:3c:21:e5:13:
0c:bb:a5:bc:cc:57:60:a6:15:ff:f5:a5:1b:0c:30:
4b:de:81:6f:92:3e:58:a5:5c:a4:38:ac:7f:3f:a6:
78:44:8c:05:f9:8c:24:c3:03:92:55:4f:c1:96:d8:
b0:9f:ac:17:f9:c2:36:50:0c:fa:ba:cb:d5:d5:1b:
09:22:94:2b:42:57:91:28:4a:6d:ce:7c:03:a9:bd:
ab:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:C3:1F:64:5D:0A:44:D9:37:A9:BE:4E:3D:A8:A6:3C:6E:B5:75:6B
X509v3 Authority Key Identifier:
keyid:9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/zcMfZF0KRNk3qb5OPaimPG61dWs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.107.57.0-86.107.61.255
86.107.63.0/24
89.35.224.0/24
89.35.229.0/24
89.35.232.0/24
89.35.234.0-89.35.236.255
89.35.238.0/24
89.47.0.0/24
89.47.12.0/24
89.47.14.0/24
188.211.164.0/23
193.138.192.0-193.138.194.255
IPv6:
2a05:8880::/30
Signature Algorithm: sha256WithRSAEncryption
21:2d:11:19:7d:01:a0:de:72:4a:e1:17:c0:d6:21:80:80:b4:
9c:8a:76:63:3b:8d:67:7c:27:50:19:05:8f:16:70:fb:45:e2:
a1:c3:52:4e:41:18:b1:40:9a:a9:fb:13:17:d1:22:57:0b:23:
a2:ad:85:1c:d2:cc:f2:48:4f:1b:41:78:a7:73:cb:e3:f3:fd:
d9:df:bc:06:1b:93:e1:aa:e7:2d:3e:13:3d:65:01:1f:2c:66:
59:cd:94:e6:4b:b6:ef:4c:14:87:47:fa:fb:80:37:1f:67:9e:
70:98:96:37:69:73:75:06:d4:7c:54:31:1c:3b:65:40:b8:a9:
f8:9a:41:5d:9e:d4:5c:f9:90:c2:80:e4:1c:97:ba:b8:f8:a1:
64:82:d5:cd:2d:b3:b2:2f:6d:60:5b:bc:a4:06:30:16:6c:d6:
fd:55:d5:06:29:93:b7:c0:7a:20:cd:a2:f2:db:6f:75:4c:d2:
17:68:1f:0b:93:64:05:1f:16:28:43:3c:e9:75:23:eb:3c:0b:
55:cd:7e:d4:9e:46:20:14:4b:6b:3c:85:8c:42:22:85:d0:dc:
e4:c5:75:5e:5f:64:e1:4c:cd:b3:f3:85:19:f1:e7:ed:25:8b:
24:b2:63:0d:ef:b6:83:4c:1f:a3:94:f4:28:5c:8e:99:75:47:
74:91:a9:f5
-----BEGIN CERTIFICATE-----
MIIFZzCCBE+gAwIBAgISAYVzWI6yBlHip7mySeNp9Go3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNTQyZjVkZjNjMWFjYjg1N2ZkNTBlZWIwMTZlZWQwNzM4
NWZmOGMwHhcNMjMwMTAyMTYzNzQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGMzMWY2NDVkMGE0NGQ5MzdhOWJlNGUzZGE4YTYzYzZlYjU3NTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhgZzyMWwoEz6mxZCbhjNuhNKXVvs
AWdQDZaV+TxubVU0ar8NHcclGS4oReu5AjmvrR9L24ViyXeGFDxaFwOI3FwncwYD
h347bPnrg/5x49RuL70eyB98HVDAfW/MiRa5yxr8wLoR63LeW+JwrRPHjNqk35r4
lbxCNv9Z1kgTLDv6xR4LC9ZBauL0BaEcQ6nOs5o77pHxKgki7e9G4nml3WMgF2e8
kF4x87LTWACJeTwh5RMMu6W8zFdgphX/9aUbDDBL3oFvkj5YpVykOKx/P6Z4RIwF
+YwkwwOSVU/Bltiwn6wX+cI2UAz6usvV1RsJIpQrQleRKEptznwDqb2rNQIDAQAB
o4ICczCCAm8wHQYDVR0OBBYEFM3DH2RdCkTZN6m+Tj2opjxutXVrMB8GA1UdIwQY
MBaAFJxUL13zway4V/1Q7rAW7tBzhf+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUt
MjVkYmY0MzgwNGM1LzEvemNNZlpGMEtSTmszcWI1T1BhaW1QRzYxZFdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUtMjVkYmY0MzgwNGM1
LzEvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGIBggrBgEFBQcBBwEB/wR5MHcwZgQCAAEwYDAMAwQAVms5
AwQBVms8AwQAVms/AwQAWSPgAwQAWSPlAwQAWSPoMAwDBAFZI+oDBABZI+wDBABZ
I+4DBABZLwADBABZLwwDBABZLw4DBAG806QwDAMEBsGKwAMEAMGKwjANBAIAAjAH
AwUCKgWIgDANBgkqhkiG9w0BAQsFAAOCAQEAIS0RGX0BoN5ySuEXwNYhgIC0nIp2
YzuNZ3wnUBkFjxZw+0XiocNSTkEYsUCaqfsTF9EiVwsjoq2FHNLM8khPG0F4p3PL
4/P92d+8BhuT4arnLT4TPWUBHyxmWc2U5ku270wUh0f6+4A3H2eecJiWN2lzdQbU
fFQxHDtlQLip+JpBXZ7UXPmQwoDkHJe6uPihZILVzS2zsi9tYFu8pAYwFmzW/VXV
BimTt8B6IM2i8ttvdUzSF2gfC5NkBR8WKEM86XUj6zwLVc1+1J5GIBRLazyFjEIi
hdDc5MV1Xl9k4UzNs/OFGfHn7SWLJLJjDe+2g0wfo5T0KFyOmXVHdJGp9Q==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:43:38 2025 by rpki-client